Device including user exclusive data tag

ABSTRACT

A consumer device is disclosed. The device comprises a body, and a memory comprising a computer readable medium disposed on or within the body. The computer readable medium comprises user exclusive data tag, which can be placed in a user exclusive data tag.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims priority to and is a non-provisional of U.S.provisional patent application No. 61/048,814, filed on Apr. 29, 2008,which is incorporated herein by reference in its entirety for allpurposes.

BACKGROUND

A traditional payment process utilizing a bank issued payment cardincludes the reading of data from a contactless payment card in the formof track data. An authorization request message including the data fromthe contactless payment card is thereafter generated by an accessdevice. This authorization request message is then sent to the issuer ofthe contactless payment card. Other transaction information including anindicator of the type of transaction (e.g., contactless) and the amountof the transaction is also included in the authorization requestmessage. After the issuer receives the authorization request message,the issuer sends an authorization response message back to the merchantwith an immediate authorization or decline of the transaction at thetime of the purchase based on the issuer's rules for authorization. Thisis considered an on-line transaction.

While traditional payment processes such as these are useful, improvedservices and improved functionality in the context of paymenttransactions would also be desirable.

Embodiments of the invention address these and other problems,individually and collectively.

BRIEF SUMMARY

Embodiments of the invention are directed to consumer devices, methods,and systems that use user exclusive data tags such as customer exclusivedata tags in transactions such as purchase transactions.

One embodiment of the invention is directed to a consumer devicecomprising: a body; and a memory comprising a computer readable mediumdisposed on or within the body, the computer readable medium comprisinguser exclusive data, wherein the user exclusive data is configured to betransmitted in an authorization request message comprising the userexclusive data in a user exclusive data tag.

Another embodiment of the invention is directed to a method comprising:receiving, at a server computer, an authorization request messagecomprising user exclusive data in a user exclusive data tag, wherein theuser exclusive data was previously stored in a consumer device;analyzing the authorization request message; and performing additionalprocessing based on the user exclusive data.

Another embodiment of the invention a method comprising: obtaining aconsumer device comprising a body, and a memory comprising a computerreadable medium disposed on or within the body, the computer readablemedium comprising user exclusive data; and using the consumer device tointeract with an access device, wherein the access device thereaftergenerates and sends an authorization request message comprising a userexclusive data tag comprising the user exclusive data to an issuerassociated with the portable consumer device.

Embodiments of the invention are directed to specific combinations ofthese different aspects, as well as specific embodiments related tothose specific aspects.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a system that can be used in someembodiments of the invention.

FIG. 2( a) shows a block diagram of a consumer device in the form of aphone.

FIG. 2( b) shows an illustration of a payment card.

FIG. 3 shows a block diagram of an access device according to anembodiment of the invention.

FIG. 4 shows a block diagram of a computer apparatus.

FIGS. 5-6 show flowcharts illustrating methods performed according toembodiments of the invention.

DETAILED DESCRIPTION

As technology improves over time, so does the opportunity to include newdata to be recognized within a payment processing network, or othersuitable network. This new data, which may be alpha and/or numeric, mayhave various forms depending upon the particular services to beprovided. For example, user data may be defined by the issuer of aportable consumer device and may be specific to their ownimplementation, and/or may be standardized for use by any network nodeor authorized service provider. The data may be static and personalizedonto the portable consumer device prior to issuance. Alternatively oradditionally, it may be dynamic and placed into a data tag by a portableconsumer device based on point of sale parameters. It may be permanentlyencoded in a memory in a portable consumer device such as a card, or maybe changed by the cardholder after issuance of the card.

These services provided after analyzing the data could also be providedby the merchant, payment processing organization, acquirer, or otherthird party on behalf of the issuer. This data may be provided in theclear and may be directly visible by any of the nodes in the system ormay be encrypted and visible by only those that understand theencryption techniques (typically the issuer). Encryption techniques mayinclude symmetric (DES, 3DES) or asymmetric (AES or public keyinfrastructure—PKI) encryption techniques. Encryption techniques may beglobal and applied across all portable consumer devices utilizing masterkeys, or may utilize unique derivation keys for each portable consumerdevice or groups of portable consumer devices

Embodiments of the invention involve the use of a supplementary datafield as a vehicle for providing additional data in the authorizationrequest messages from a point of sale to an issuer. The supplementarydata field may be Field 55 as defined in Visa Contactless PaymentSpecification. The supplementary data (i.e., the user specific data) inthe supplementary data field can be used for a variety of new servicesthat can enhance traditional transactions.

Embodiments of the invention include the use of data tags, assigned orenhanced, to be sent in the supplementary data field, for the purpose ofmoving additional data in authorization request messages. Exemplary datatags may include a user exclusive data tag and a form factor indicatortag. The user exclusive data tag can be a customer exclusive data tag.The data within these tags may be utilized alone or together, and in theclear or encrypted.

A “data tag” may include one or more data elements in any suitable formand typically includes at least a tag identifier element and a valueelement. In some embodiments, a data tag may include a tag identifierelement, a length element, and a value element. The tag identifierelement may be embodied by one or more characters, which indicate acharacteristic of the data tag. For example, a customer exclusive datatag identifier element may indicate that its corresponding data tag isrelated to data that is specifically associated with the consumer. Alength element may indicate the length of the value element in the datatag, or could indicate the length of the data tag itself. For example, alength element, which has the value “4” may indicate that the valueelement may have four characters. The length element advantageouslyindicates the size of its corresponding value element so that a computerapparatus that reads the data tag will know how large the data tag willbe. Lastly, a value element can be a substantive value associated withthe data tag. For example, a consumer's phone number could be asubstantive value and can be an example of user exclusive data orcustomer exclusive data. As an illustration, a data tag including acustomer's phone number might be 99105555555. “99” might be a tagidentifier element indicating a phone number. “10” might be anindication of the length of the value. “5555555555” might be a valuecorresponding to a phone number.

In embodiments of the invention, the payment process can include thereading of additional data from a contactless portable consumer device,or other type of consumer device, in the form of data tags from theportable consumer device. This additional data can be included in asupplementary data field such as Field 55. Additional transactioninformation can be included in the authorization request message to theissuer and can be utilized at any node of the system to provide newservices (i.e. used by the merchant, acquirer, payment processingorganization, issuer, or other third party service providers). Theissuer may provide additional services in addition to the returning ofthe traditional authorization or decline of the transaction at the timeof the purchase.

Embodiments of the invention include the use of a user exclusive datatag. The user exclusive data tag may include user exclusive data. Morespecifically, the user exclusive data tag may be a customer exclusivedata tag. Many of the specific examples below describe the use ofcustomer exclusive data tags and customer exclusive data. It isunderstood that the users of embodiments of the invention need not bestrictly customers that purchase goods and services at a merchant.

User exclusive data (or customer exclusive data) may be in any suitableform. User exclusive data may relate to a characteristic of a portableconsumer device that the user is using (e.g., a phone number associatedwith a having a payment function), or may relate to a characteristic(e.g., the consumer's annual income) or preferences (e.g., a preferencefor receiving alerts when transactions are conducted) of the consumer.Typically, the user exclusive data is uniquely associated with theparticular user (e.g., a consumer). The types of services that can beproduced after analyzing the user exclusive data may include rewards,authentication, risk analysis, etc. Further, the user exclusive data maycorrespond to the “value element” in the tag that is described above.

A “customer exclusive data tag” may be used to include customerexclusive data. Customer exclusive data may be personalized on theportable consumer device prior to issuance and/or derived by the deviceat the point of sale and placed into this data tag in advance of pointof sale authorization. The contents of this tag are then forwarded fromthe point of sale to the issuer, via a payment processing network, inthe supplementary data field as part of an authorization requestmessage.

Table 1 has samples of the types of data that may be included in thecustomer exclusive data tag. Information from this table, suppliedwithin the authorization request message to the issuer, may be useful toservice providers such as merchants, payment processing organizationsand card issuers for a variety of purposes. Below are some examplebusiness uses for this data.

TABLE 1 Examples of Customer Exclusive Data to be Included in a CustomerExclusive Tag Cell Phone Number A phone number may be included in acustomer exclusive data tag and may be used by a service provider tosend authentication request messages to the phone associated with thephone number; there is no need to store this data at the serviceprovider. A phone number may be included in a customer exclusive datatag and provides the service provider with the ability to provide text,coupons, or marketing elements to the phone associated with the phonenumber during a transaction. Email address An e-mail address may beincluded in a customer exclusive data tag and may be used by a serviceprovider to provide for authentication and notification messages to aconsumer via e-mail. Loyalty number(s) of airline Loyalty numbers may beincluded in frequent flyer, hotel programs, a customer exclusive datatag and car rental agencies, etc may be used by a service provider forreporting, assignment of points, and other services. Risk orauthentication data Risk or authentication data may be included in acustomer exclusive data tag and may be used by a service provider toprovide challenge/response information. Alternate ID for transit useother An alternate ID or identifier such as a than PAN transitidentifier may be included in a customer exclusive data tag and may beused by a service provider to determine if it is on a transit hot list.This number can be sent in an authorization request message and crossreferenced to the real PAN for payment. A transit agency can utilizethis number in the clear within their systems. This application can belimited to a transit MCC (merchant category code). Transit fare dataTransit fare data may be included in a customer exclusive data tag andmay be used as a type of monthly pass that is good for a specifiedperiod for a specific agency (e.g., on a mobile device, with updatesover- the-air or OTA) Prepaid data Prepaid value data may be included ina customer exclusive data tag and may be kept in-sync with an issuer'sdata. If the portable consumer device is a mobile device such as aphone, it can be updated over-the- air. Prepaid value data could also bedisplayed on the phone. Off-line transit readers could also know if theprepaid device has value. Government identifying A driver's license,passport number, number(s) or registered travel information may beincluded in a customer exclusive data tag. This information may be usedto authenticate the consumer and may be used for other purposes. Otheraffiliations Affiliation information can be included in a customerexclusive data tag and may be read by reader for entry at an event suchas a ball game, race track, church, bingo hall, etc. PreferencesPreference information for airlines (e.g., window or aisle seat), hotels(e.g., queen or double bed), or restaurants (e.g., smoking or nonsmoking) can be included in a customer exclusive data tag. Thisinformation may be read by a merchant or other service provider andcustomized services may be provided to the consumer. Cardholder name Anencrypted or obscured name or other information that only one ormultiple merchants can decipher can be included in a customer exclusivedata tag. This information may be used for purposes such asauthentication. Internet encrypted PAN A primary account number (PAN),in encrypted or unencrypted form, may be included in a customerexclusive data tag, which is located in a supplemental data field. Analternate PAN may be sent in the normal PAN data field. Other encrypteddata A customer exclusive data tag may include other encrypted data asdefined for a particular service.

Exemplary systems and methods using these data tags are provided below.

I. Exemplary Systems

A system according to an embodiment of the invention is shown in FIG. 1.

FIG. 1 shows a system 20 that can be used in an embodiment of theinvention. The system 20 includes a merchant 22 and an acquirer 24associated with the merchant 22. In a typical payment transaction, aconsumer such as consumer A 30(a) may purchase goods or services at themerchant 22 using a portable consumer device such as portable consumerdevice A 32-1. The consumer may be an individual, or an organizationsuch as a business that is capable of purchasing goods or services. Theacquirer 24 can communicate with an issuer 28 via a payment processingnetwork 26.

As used herein, an “issuer” is typically a business entity (e.g., abank) which maintains financial accounts for the consumer and oftenissues a portable consumer device such as a credit or debit card to theconsumer. A “merchant” is typically an entity that engages intransactions and can sell goods or services. An “acquirer” is typicallya business entity (e.g., a commercial bank) that has a businessrelationship with a particular merchant or other entity. Some entitiescan perform both issuer and acquirer functions. Embodiments of theinvention encompass such single entity issuer-acquirers.

In FIG. 1, three consumers, consumer A 30(a), consumer B 30(b), andconsumer C 30(c) are illustrated. Consumer A 30(a) can use at least twodifferent types of portable consumer devices including consumer device A32-1 and portable consumer device B 32-2. In one example, consumerdevice A 32-1 may be in the form of a phone, while portable consumerdevice B 32-2 may be in the form of a card. The consumer device A 32-1may consequently be used to communicate with the issuer 28 via atelecommunications gateway 60, a telecommunications network 70, and apayment processing network 26. The different consumer devices A 32-1 andB 32-2 could be linked to the same issuer account number, or could belinked to respectively different issuer account numbers. Consumer B30(b) is another consumer that is illustrated in FIG. 1. Consumer B30(b) may use a specific type of consumer device C 32-3 such as a keyfob. Lastly, consumer C 30(c) may use a specific type of consumer device324 such as a personal computer to communicate with the merchant 22 andother parties including the payment processing network 26 and the issuer28 via the Internet 72.

The consumer devices according to embodiments of the invention may be inany suitable form. In some embodiments, the consumer devices areportable in nature and may be portable consumer devices. Suitableportable consumer devices can be hand-held and compact so that they canfit into a consumer's wallet and/or pocket (e.g., pocket-sized). Theymay include smart cards, ordinary credit or debit cards (with a magneticstrip and without a microprocessor), keychain devices (such as theSpeedpass™ commercially available from Exxon-Mobil Corp.), etc. Otherexamples of portable consumer devices include cellular phones, personaldigital assistants (PDAs), pagers, payment cards, security cards, accesscards, smart media, transponders, and the like. The portable consumerdevices can also be debit devices (e.g., a debit card), credit devices(e.g., a credit card), or stored value devices (e.g., a stored valuecard).

Each consumer device may comprise a body, and a memory comprising acomputer readable medium disposed on or within the body. The computerreadable medium may comprise code for a form factor indicator elementcoupled to the body. The form factor indicator element may be in a formfactor indicator tag. The computer readable medium may also comprisecode for one or more customer exclusive data tags (described above). Inaddition, the consumer device may also include a processor coupled tothe memory, where greater functionality and/or security are desired.

Other types of consumer devices may include devices that are notgenerally carried by consumers to make purchases. An example of aconsumer device of this type may be a desktop computer terminal.

The payment processing network 26 may include data processingsubsystems, networks, and operations used to support and deliverauthorization services, exception file services, and clearing andsettlement services. An exemplary payment processing network may includeVisaNet™. Payment processing networks such as VisaNet™ are able toprocess credit card transactions, debit card transactions, and othertypes of commercial transactions. VisaNet™, in particular, includes aVIP system (Visa Integrated Payments system) which processesauthorization requests and a Base II system which performs clearing andsettlement services.

The payment processing network 26 may include a server computer. Aserver computer is typically a powerful computer or cluster ofcomputers. For example, the server computer can be a large mainframe, aminicomputer cluster, or a group of servers functioning as a unit. Inone example, the server computer may be a database server coupled to aWeb server. The payment processing network 26 may use any suitable wiredor wireless network, including the Internet.

The server computer in the payment processing network 26 may comprisecode for receiving, at the server computer, an authorization requestmessage comprising customer exclusive data, where the customer exclusivedata was previously stored in a consumer device; code for analyzing theauthorization request message; and code for performing additionalprocessing based on the customer exclusive data.

The merchant 22 may also have, or may receive communications from, anaccess device 34 that can interact with the portable consumer device 32.The access devices according to embodiments of the invention can be inany suitable form. Examples of access devices include point of sale(POS) devices, cellular phones, PDAs, personal computers (PCs), tabletPCs, handheld specialized readers, set-top boxes, electronic cashregisters (ECRs), automated teller machines (ATMs), virtual cashregisters (VCRs), kiosks, security systems, access systems, and thelike.

If the access device 34 is a point of sale terminal, any suitable pointof sale terminal may be used including card readers. The card readersmay include any suitable contact or contactless mode of operation. Forexample, exemplary card readers can include RF (radio frequency)antennas, magnetic stripe readers, etc. to interact with the portableconsumer devices 32.

In a typical purchase transaction, a consumer such as consumer A 30(a)purchases a good or service at the merchant 22 using a portable consumerdevice such as portable consumer device B 32-2, which may be in the formof a credit card. The consumer's portable consumer device B 32-2 caninteract with an access device 34 such as a POS (point of sale) terminalat the merchant 22. For example, the consumer 30 may take the creditcard and may swipe it through an appropriate slot in the POS terminal.Alternatively, the POS terminal may be a contactless reader, and theportable consumer device B 32-2 may be a contactless device such as acontactless card.

An authorization request message is then forwarded to the acquirer 24.After receiving the authorization request message, the authorizationrequest message is then sent to the payment processing network 26. Thepayment processing network 26 then forwards the authorization requestmessage to the issuer 28 of the portable consumer device B 32-2.

After the issuer 28 receives the authorization request message, theissuer 28 sends an authorization response message back to the paymentprocessing network 26 (step 56) to indicate whether or not the currenttransaction is authorized (or not authorized). The payment processingnetwork 26 then forwards the authorization response message back to theacquirer 24. The acquirer 24 then sends the response message back to themerchant 22.

After the merchant 22 receives the authorization response message, theaccess device 34 at the merchant 22 may then provide the authorizationresponse message for consumer A 30(a). The response message may bedisplayed by the access device 34, or may be printed on a receipt.

At the end of the day, a normal clearing and settlement process can beconducted by the payment processing network 26. A clearing process is aprocess of exchanging financial details between and acquirer and anissuer to facilitate posting to a consumer's account and reconciliationof the consumer's settlement position. Clearing and settlement can occursimultaneously.

II. Exemplary Consumer Devices, Access Devices, and Computer Apparatuses

FIG. 2( a) shows a block diagram of another phone 32′ that can be usedin embodiments of the invention. The exemplary wireless phone 32′ maycomprise a computer readable medium and a body as shown in FIG. 2( a).The computer readable medium 32(b) may be present within the body 32(h),or may be detachable from it. The body 32(h) may be in the form aplastic substrate, housing, or other structure. The computer readablemedium 32(b) may be in the form of (or may be included in) a memory thatstores data (e.g., data relating to issuer specific payment services)and may be in any suitable form including a magnetic stripe, a memorychip, etc. The memory preferably stores information such as financialinformation, transit information (e.g., as in a subway or train pass),access information (e.g., as in access badges), etc. Financialinformation may include information such as bank account information, abank identification number (BIN), credit or debit card numberinformation, account balance information, expiration date, consumerinformation such as name, date of birth, etc. Any of this informationmay be transmitted by the phone 32′.

In some embodiments, information in the memory may also be in the formof data tracks that are traditionally associated with credits cards.Such tracks include Track 1 and Track 2. Track 1 (“International AirTransport Association”) stores more information than Track 2, andcontains the cardholder's name as well as account number and otherdiscretionary data. This track is sometimes used by the airlines whensecuring reservations with a credit card. Track 2 (“American BankingAssociation”) is currently most commonly used. This is the track that isread by ATMs and credit card checkers. The ABA (American BankingAssociation) designed the specifications of this track and all worldbanks must abide by it. It contains the cardholder's account, encryptedPIN, plus other discretionary data.

The phone 32′ may further include a contactless element 32(g), which istypically implemented in the form of a semiconductor chip (or other datastorage element) with an associated wireless transfer (e.g., datatransmission) element, such as an antenna. Contactless element 32(g) isassociated with (e.g., embedded within) phone 32 and data or controlinstructions transmitted via a cellular network may be applied tocontactless element 32(g) by means of a contactless element interface(not shown). The contactless element interface functions to permit theexchange of data and/or control instructions between the mobile devicecircuitry (and hence the cellular network) and an optional contactlesselement 32(g).

Contactless element 32(g) is capable of transferring and receiving datausing a near field communications (“NFC”) capability (or near fieldcommunications medium) typically in accordance with a standardizedprotocol or data transfer mechanism (e.g., ISO 14443/NFC). Near fieldcommunications capability is a short-range communications capability,such as RFID, Bluetooth™, infra-red, or other data transfer capabilitythat can be used to exchange data between the phone 32′ and aninterrogation device. Thus, the phone 32′ is capable of communicatingand transferring data and/or control instructions via both cellularnetwork and near field communications capability.

The phone 32′ may also include a processor 32(c) (e.g., amicroprocessor) for processing the functions of the phone 32 and adisplay 32(d) to allow a consumer to see phone numbers and otherinformation and messages. The phone 32′ may further include inputelements 32(e) to allow a consumer to input information into the device,a speaker 32(f) to allow the consumer to hear voice communication,music, etc., and a microphone 32(i) to allow the consumer to transmither voice through the phone 32′. The phone 32′ may also include anantenna 32(a) for wireless data transfer (e.g., data transmission).

FIG. 3 shows a block diagram of an access device 34 according to anembodiment of the invention. The access device 34 comprises a processor34(c) operatively coupled to a computer readable medium 34(d) (e.g., oneor more memory chips, etc.), input elements 34(b) such as buttons or thelike, a reader 34(a) (e.g., a contactless reader, a magnetic stripereader, etc.), an output device 34(e) (e.g., a display, a speaker, etc.)and a network interface 34(f). The computer readable medium may compriseinstructions or code, executable by a processor. The instructions mayinclude instructions for reading a user exclusive data tag or userexclusive data from a consumer device, generating an authorizationrequest message with the user exclusive data tag or the user exclusivedata, and sending the authorization request message including the userexclusive data tag or the user exclusive data to a service provider suchas an issuer or payment processing network.

The various participants and elements in FIG. 1 may operate one or morecomputer apparatuses (e.g., a server computer) to facilitate thefunctions described herein. Any of the elements in FIG. 1 may use anysuitable number of subsystems to facilitate the functions describedherein. Examples of such subsystems or components are shown in FIG. 4.The subsystems shown in FIG. 4 are interconnected via a system bus 775.Additional subsystems such as a printer 774, keyboard 778, fixed disk779 (or other memory comprising computer readable media), monitor 776,which is coupled to display adapter 782, and others are shown.Peripherals and input/output (I/O) devices, which couple to I/Ocontroller 771, can be connected to the computer system by any number ofmeans known in the art, such as serial port 777. For example, serialport 777 or external interface 781 can be used to connect the computerapparatus to a wide area network such as the Internet, a mouse inputdevice, or a scanner. The interconnection via system bus allows thecentral processor 773 to communicate with each subsystem and to controlthe execution of instructions from system memory 772 or the fixed disk779, as well as the exchange of information between subsystems. Thesystem memory 772 and/or the fixed disk 779 may embody a computerreadable medium.

II. Exemplary Methods

Methods according to embodiments of the invention can be described withrespect to FIGS. 1 and 5. Generally, the method may include obtaining aportable consumer device comprising a body, and a memory comprising acomputer readable medium disposed on or within the body, the computerreadable medium comprising user exclusive data; and using the portableconsumer device to interact with an access device, wherein the accessdevice thereafter generates and sends an authorization request messageto an issuer associated with the portable consumer device. A servercomputer at the issuer or the payment processing network may thereafteranalyze the authorization request message and the user exclusive data inthe authorization request message. The server computer may thereafterperform additional processing using the user exclusive data.

Prior to using the customer exclusive data tag with customer exclusivedata in transactions, a portable consumer device may be loaded with thecustomer exclusive data. The customer exclusive data may berepresentative of the actual data (e.g., a phone number encoded on apayment card) or may be representative of a code or other data elementthat is linked to the actual data. As an example of the latter case, acode such as the letter “1” may be linked to an instruction such assending an alert to the consumer's phone. When a service provider servercomputer determines that a particular data tag has the number “1”, itmay retrieve the instruction to send the alert to the consumer's phoneand may thereafter initiate this function.

In one embodiment, the customer exclusive data may be provided to aservice provider such as a merchant, an organization that operates thepayment processing network, or an issuer. It may be provided to theservice provider in any suitable manner. If the service provider is, forexample, an organization that operates the payment processing network 26or the issuer 28, then the consumer (e.g., consumer C 30(c)) may contacta server computer in the payment processing network 26 or at the issuer28 via the Internet 72, using a standard computing device (e.g.,consumer device C 32-4) operating a standard operating system (e.g., aWindows™ based operating system) and using a standard browser (InternetExplorer)™. The consumer can then provide customer exclusive data to thepayment processing network 26 or the issuer 28. In some embodiments,after receiving the customer exclusive data, the issuer 28 could issueone or more portable consumer devices to the consumer with the customerexclusive data stored in their associated memories. Alternatively, ifthe consumer devices can receive data (e.g., as in the case of phones orcomputers), then the customer exclusive data can be send to the consumerdevices and then stored in them. In yet another embodiment, the consumerdata may be loaded on to the consumer devices by the user using externaldevices such as access devices. For example, a consumer could take astandard payment card with a re-writeable memory to an access devicethat can write the customer exclusive data to the standard payment card.In yet another embodiment, the consumer device itself can generate thecustomer exclusive data. For example, the consumer device can generate adCVV (dynamic card verification value) and this data can be used ascustomer exclusive data. Regardless of how the consumer data is loadedon to the consumer's consumer device, the consumer data may include anyof the particular type or amount of consumer-specific data including anyof the types of data described in FIG. 1.

After the consumer data is loaded into the consumer device, it may beused in a transaction such as payment transaction. In an exemplaryembodiment, a consumer may use a portable consumer device including acustomer exclusive data tag. Illustratively, a consumer A 30(a) mayfirst use his portable consumer device A 32-1 to purchase a good orservice at a merchant 22. The portable consumer device A 32-1 may be inthe form of a phone with a contactless element (as described above withrespect to FIG. 2( a)). When making the purchase, the consumer A 30(a)may pass the portable consumer device A 32-1 by the access device 34, ormay otherwise interact with it (step 202). The customer exclusive datatag may be stored in a memory in the portable consumer device A 32-1.The customer exclusive data tag and account information such as theaccount number associated with the issuer 28 may pass from the portableconsumer device A 32-1 to the access device 34. A reader in the accessdevice 34 can read the customer exclusive data tag and the accountinformation, and a processor in the access device 34 can generate anauthorization request message including the form factor indictor tag,the account information (e.g., a BIN, expiration date, etc.), a merchantcode (e.g., a merchant category code), and the price associated with thegood or service purchased. The access device 34 may then send theauthorization request message to the payment processing network 26 viathe merchant's acquirer 24 (step 204). Although customer exclusive datais included in a customer exclusive data tag in this embodiment,customer exclusive data (or user exclusive data) could be sent in anauthorization request message without being in a tag in otherembodiments of the invention. In addition, in some embodiments, thecustomer exclusive data may be stored in the consumer device, and theaccess device may subsequently receive the customer exclusive data andmay form a customer exclusive data tag with the customer exclusive data.

A server computer in the payment processing network 26 can then receive(step 206) and analyze the authorization request message. It can performadditional processing (step 208) using the customer exclusive data tag,before sending the authorization request message on to the issuer 28 forapproval. For example, the customer exclusive data may include theconsumer's mobile phone number and may also include a preference forreceiving alert messages for transactions that are conducted by theconsumer. The additional processing in this example comprises initiatingthe sending of a notification message to the consumer device (e.g.,portable consumer device A 32-1). The notification message may indicatethat the current transaction is being conducted. Additional processingmay not only involve sending messages after analyzing customer exclusivedata. Other additional processing steps may involve adding points orother benefits to user or consumer accounts, sending messages toentities other than the consumer, performing the transaction in aspecific manner that is different than a normal transaction, etc. Yetother specific examples of additional processing (step 208) are providedbelow.

Although a server at the payment processing network 26 is described asperforming additional processing in this and in other examples in thisapplication, it is understood that other entities including the merchant22, acquirer 24, issuer 28, or a third party processor may perform suchadditional processing using its own server computer.

The authorization request message is then forwarded to the issuer 28 forapproval (step 210). The issuer 28 may then approve or deny thetransaction, depending on whether there is sufficient credit and/orsufficient funds in the consumer A's account. After this, the issuer 28sends an authorization response message back to access device 34 via theacquirer 24 and the payment processing network 26 (step 212).

Examples of New Services Resulting from Extra Data Including CustomerExclusive Data and Form Factor Indicator Tags

Table 1 above has samples of the types of data that may be included inthe customer exclusive data tag. Information from Table 1, suppliedwithin the authorization request message to the issuer, may be useful toservice providers such as payment processing organizations and cardissuers for a variety of purposes. Below are some example uses for thisdata. The specific examples provided below relate to the use of a servercomputer in a payment processing network as the device which receives anauthorization request message and then performs additional processing.Embodiments of the invention, are not, however, limited to this.Embodiments of the invention could also be performed in other ways. Forexample, instead of the payment processing network 26, the issuer 28, ora third party payment processor may perform the functions performed bythe payment processing network 26.

Transaction Notification and Control:

In one embodiment of the invention, a service provider such as an issuer28 or payment processing network 26 could establish a transactionnotification service where the phone, text, or email is used to validatea transaction. For example, a parent could give his card to his childand ask to be notified any time his card is used, anytime a transactionexceeds a predetermined threshold (e.g., $25), or anytime the merchanthas a specified characteristic (e.g. a liquor store). Notification flagscould be of any type, value, merchant name or type, location, count,etc. The notification could be sent to a phone, or other suitabledevice.

Referring to FIG. 1, the consumer A 30(a) may be the child and may use apayment card (portable consumer device B 30-2). The payment card(portable consumer device B 30(b)) may store a customer exclusive datatag with notification data. The notification data may include a codethat indicates that message should be sent to a phone (portable consumerdevice A 32-1) if a purchase is above $100 and/or is made at aprohibited merchant (e.g., a liquor store). When the child makes apurchase with the card (portable consumer device B 30-2) at the merchant22, the child uses the card (portable consumer device B 30-2) tointeract with the access device 34. A processor in the access device 34then receives data including the customer exclusive data tag from thecard 32-2 and generates an authorization request message which is thensent to the issuer 38 via the acquirer 24, and payment processingnetwork 26. Before it is received at the issuer 28, a server computer inthe payment processing network 26 may analyze the authorization requestmessage and the customer exclusive data tag. Information in the customerexclusive data tag may indicate that an alert message is to be sent tothe phone (portable consumer device A 32-1) if the amount of thetransaction exceeds $100. The information in the customer exclusive datatag may be in the form of a code that corresponds to an instruction tosend a message to the phone (portable consumer device A 32-1) if thetransaction exceeds $100. This information may be stored in a databaseat the payment processing network 26. If the amount of the transactionexceeds $100, an alert message is sent from the payment processingnetwork 26 to the telecommunications network 70, and to the phone(portable consumer device A 32-1). In this example, the sending of thealert message may involve additional processing.

In a similar manner, the service provider (e.g., an organization thatoperates the payment processing network 26 or the payment processingnetwork 26 itself) could also establish a notification service for acorporate or fleet card. An employer or supervisor can give a corporatecard to an employee for the purchase of gas or the purchase of othernecessities. For example, the above-described authorization requestmessage may include data that represents an instruction to send an alertmessage to the employee's supervisor, each time or under specificconditions specified by the employer or supervisor. This could allow fornotification and control on specific devices, or groups of devices asconsolidated by the issuer.

In yet another example, fleet card accounting is possible based onparameters established in a host computer system. Using accountingpreferences as established by customer exclusive data from the consumerdevice, logging, receipts, notification, and accounting can be done perdevice or as consolidated based on a master account. The master accountmay be held by an employer and each employee of the employer may operatea different consumer device. Transaction data associated with purchasesmade by each consumer device could be routed to the employer's computersystem.

In embodiments of the invention, the transaction control service couldbe of a passive or active type. In the passive mode, transactions areautomatically allowed or disallowed based on pre-established parametersheld on the consumer device, type, value, merchant name or type,location, count, etc. No notification is necessary. This could be usedto stop this one transaction or all future transactions if theparameters are met. In the active mode, notification by e-mail, textmessage, or phone call is made to ask for the transaction to be allowedor disallowed. The decision or control mechanism is included in thetransaction flow.

Note that in these embodiments, a consumer does not need to register forthe alerts service, since an issuer can load the consumer's portableconsumer device with the consumer's phone number. This advantageouslycan save the consumer time and effort.

Electronic Receipts or Statements:

In other embodiments of the invention, a service provider such as thepayment processing network 26 or the issuer 28 could establish anelectronic receipt service where the phone or other device is used as aplace to receive a receipt. For example, a flag indicating that areceipt is required could be included in the customer exclusive data inan authorization request message which passes from the merchant 22 tothe payment processing network 26. For some merchant types, a receiptmay not be available (such as transit or other high speed point of saleenvironment). As an additional processing step, the receipt could besent from the payment processing network 26 to a phone (e.g., portableconsumer device A 32-1) as a text message or email.

The electronic receipt could be sent, for example, in a pre-definedformat consistent with specific software for expense reports. Forexample, the customer exclusive data tag may include customer exclusivedata which indicates a preference for electronic receipts in a formatthat is compatible with Microsoft Excel™. Alternatively, the receiptcould be, for example, of any free-form format for display on a phonescreen. Which type of receipt to send could be included as part of thedata from the portable consumer device in the customer exclusive data.

Monthly statement preferences could be as defined on the device. Thecustomer exclusive data could indicate that monthly paper statementsshould be mailed, or could indicate that electronic statements should bee-mailed.

Loyalty:

In other embodiments of the invention, there could be information aboutloyalty programs included on the portable consumer device, such as, forexample, loyalty program identification and participation information.The data in the consumer device (portable consumer device B 32-2) couldtell the merchant 22 how to process data as preferred by the cardholder.For example, the customer exclusive data tag in an authorization requestmessage may indicate that the cardholder (e.g., consumer A 30(a)) maychoose to use points before charges are made in cash. As noted above,this authorization request message may be sent from the access device 34to the payment processing network 26 via the acquirer 24. A servercomputer in the payment processing network 26 could then apply points tothe particular transaction being conducted and could then re-format theauthorization request message to the issuer 26 for the differencebetween the transaction price and the value of the points. In anotherexample, it may be possible for the payment processing network 26 toapply one program first in advance of another such as airline mileage,rather than rental car points. In these cases, the data held on theconsumer device (e.g., portable consumer device A 32-1) is used by themerchant 22.

Transaction Security:

Today, in a dynamic CVV (card verification value) process, a deviceapplication transaction counter (ATC) is sent in the clear within theauthorization request message from the access device 34 at the merchant22 to the issuer 28. The information is then used by the issuer 28 todetect fraud. For example, if the ATC does not match the ATC at theissuer, then this may indicate that there is fraud. It is also possiblefor transactions to be recorded and viewed, and under certain scenarios,it may be possible to commit fraud because the security data is nothidden.

In embodiments of the invention, using encryption techniques, customerexclusive data could include the ATC in encrypted format as it isprovided by the portable consumer device (portable consumer device A32-1) to the access device 34. The access device 34 can then transmitthe authorization request message to the payment processing network 26and the issuer 28. This can prevent a would-be fraudster from seeing orutilizing this data. Additionally, there is much more space within thecustomer exclusive data tag to allow for a longer cryptogram (ascompared to conventional message protocols), thereby making thetransaction more secure.

Reloadable Prepaid Account:

Reloadable prepaid cards are sometimes first issued with a temporarycard prior to enrollment. After enrollment, a personalized embossed cardis typically sent as a replacement for the temporary card. Someinteresting opportunities exist when the personalized card is issuedwith customer exclusive data. For instance, a customer exclusive datatag could indicate the mechanism for account replenishment. For example,account replenishment can occur through a monthly payroll, or it can betopped up against another bank account, and an indicator of this may beincluded in a customer exclusive data tag that is sent in anauthorization request message from the access device 34 to the paymentprocessing network 26 and the issuer 28. The customer exclusive data tagcould be used to indicate how to notify the cardholder (e.g., consumer A30(a)) when the account balance is getting low (i.e. through email, textmessage, phone call, etc). In another example, a prepaid card could beissued to a child, and an account associated with the prepaid card canbe topped up with funds from the parent's account. The top up mechanismcould be included on the child's card. When the child's card is used atthe access device 34, an authorization request message including thosetop up preferences may be sent to the prepaid issuer 28.

Proxy Account Information:

For purposes of security, there may be instances where the primaryaccount number (PAN) can be masked during a payment transaction. Forexample, transit fare collection could be an example where the real PANcan be masked due to the off-line nature of bus fare transactions andthe need to store cardholder information, possibly for multiple hours ona bus or other mode of transportation. The customer exclusive data couldbe used in an authorization request message to hold a proxy accountnumber that is linked to the real PAN in the issuer host system. Theproxy account number is read and used by all nodes in the paymentsystem. The proxy account could be limited for use in specific merchanttypes (like transit). For example, the authorization request messagecould be sent from the access device 34 to the issuer 28 via theacquirer 24 and the payment processing network 26. Each of these nodesmay see and use the proxy account number. However, the real PAN may becustomer exclusive data that is determined and analyzed by a servercomputer in the payment processing network 26 or the issuer 28. Normaltransaction processing can take place after the real PAN is determinedby the payment processing network 26 or the issuer 28.

Multi-Application:

College or commercial campus environments many times require multipleapplications with data peculiar to each application. The customerexclusive data in an authorization request message could be used to holdother account data and preferences for such things as student ID,payment preferences, dorm access information or ID, notificationinformation, age verification and identity, etc.

Version Control:

At times the version of a card or application may be important forvariety of reasons. For example, if version 1 of a card or applicationuses one type of encryption and version 2 of a card or application usesanother type of encryption, it would be desirable for the issuer andother service providers to know what card type is being used. Thisinformation could be included in the customer exclusive data to indicateto the payment nodes what version of the card was used.

Form Factor Indictor and Customer Exclusive Data Tags Used Together

Another type of data tag that can be used in conjunction with thecustomer exclusive data tag is a “form factor indicator data tag.” Asthis data is forwarded to the payment processing network and the issuer,the information may be used as necessary by service providers thatrecognize the data for a particular service. The definition of the datawithin this tag may be standardized or may be specific to a particularissuer's definition, and may be in the clear or encrypted.

Payment transactions and other transactions can be initiated by portableconsumer devices other than traditional card form factors. Mini-cards,micro tags, key FOBs, cell phones, watches, and other key chain devicescan be used to initiate a payment transaction at the point of sale.

The form factor indicator tag is available to indicate the capabilitiesof the device used to initiate the transaction at the point of sale. Itis possible for the issuer to personalize one character of track datawith values of 1 to 9 to indicate the device type. It is recognized that9 values may not be sufficient to fully define not only the form factorof the device, but other inherent capabilities that the device maypossess. Although embodiments of the invention are not limited to thesize of a tag, the form factor indicator tag can be sized to 4 bytes (8hex characters) and can be refined with more definition than isavailable with one character in track data. The form factor indicatortag can be transmitted in a supplementary data field in an authorizationrequest message from the point of sale to the issuer during anauthorization process.

A form factor indicator tag may include a form factor indicator element,a device security features element, and a device communications featureselement. The form factor indicator element may include information aboutthe particular form factor of the portable consumer device being used.The device security features element may indicate the type of securityfeatures that are present on the particular portable consumer device.Lastly, the device communications feature element may includeinformation about the particular communication features present in thedevice.

Table 2 provides examples of some types of indications that may beutilized or defined with the form factor indicator tag. As illustratedbelow, the form factor indicator tag may include a form factor indicatorelement, a device security features element, other data elements, and adevice communications technology element.

TABLE 2 Examples of data that can be present in Form Factor IndicatorTag Data 1^(st) byte Form factor indicator Full size card Mini cardMicro tag Mobile device (phone) PDA Watch 2^(nd) byte Device securitySignature panel features element Hologram Embossing Biometric CVV (cardverification value) CVV2 (card verification value 2) dCVV (dynamic cardverification value) CVN 17 (card verification number 17) CVN 10 (cardverification number 10) SDA (static data authentication) DDA (dynamicdata authentication) Text or email capable Pre-registered with issuerfor authentication messaging Crypto coprocessor capable 3^(rd) byteOther data element Other data 4^(th) byte Device ISO 14443 (Proximity)including NFC communications ISO 15693 (Vicinity) technology elementInfra Red Bluetooth GSM or other wide area cellular network

Additional details regarding the use of Customer Exclusive Data Tags areprovided in U.S. patent application Ser. No. ______ entitled “DeviceIncluding Form Factor Indicator,” which is being filed on the same dayas the present application (Attorney Docket No. 16222U-041710US) andwhich is herein incorporated by reference in its entirety for allpurposes.

The form factor indicator tag can be used to initiate a transaction atthe point of sale and may be used by service providers for a variety ofpurposes. It can be used alone or in combination with the customerexclusive data tag.

Referring to FIGS. 1 and 6, a consumer A 30(a) may first use hisportable consumer device A 32-1 to purchase a good or service at amerchant 22. The portable consumer device A 32-1 may be in the form of aphone with a contactless element (as described above with respect toFIG. 2( a). When making the purchase, the consumer A 30(a) may pass theportable consumer device A 32-1 by the access device 34, or mayotherwise interact with it (step 302). The form factor indicator tag maybe stored in a memory in the portable consumer device A 32-1. The formfactor indicator tag and account information such as the account numberassociated with the issuer 28 may pass from the portable consumer deviceA 32-1 to the access device 34. In addition, a customer exclusive datatag may have been previously stored in the memory of the portableconsumer device A 32-1 and it may pass to the access device 34. A readerin the access device 34 can read the customer exclusive data tag, andthe form factor indicator tag and the account information, and aprocessor in the access device 34 can generate an authorization requestmessage including the customer exclusive data tag and the form factorindictor tag, the account information, the merchant code, and the priceassociated with the good or service purchased. The access device 34 maythen send the authorization request message to the payment processingnetwork 26 via the merchant's acquirer 24 (step 304).

A server computer in the payment processing network 26 can then receive(step 306) and analyze the authorization request message and can performadditional processing (step 308) using the form factor indicator tag andthe customer exclusive data tag, before sending the authorizationrequest message on to the issuer 28 for approval.

The authorization request message is then forwarded to the issuer 28 forapproval (step 310). The issuer 28 may then approve or deny thetransaction, depending on whether there is sufficient credit and/orsufficient funds in the consumer A's account. After this, the issuer 28sends an authorization response message back to access device 34 via theacquirer 24 and the payment processing network 26 (step 312).

In one specific example, the form factor indicator tag in theauthorization request message may indicate that the consumer device is amobile phone (byte 1 of the tag). The customer exclusive data tag mayinclude the phone number of the mobile phone. The server computer in apayment processing network 26 or in another location can then send anauthentication message to the consumer device 32-1 by SMS, text, ore-mail as provided in a customer exclusive data tag in the authorizationrequest message. In another example, it is possible to take the formfactor indicator from byte 1 of the form factor indicator tag, and thenuse the consumer device to encrypt it for security purposes. It is thenpossible to send an authorization request message with the encryptedindicator tag to the issuer 28 in the customer exclusive data tag. Thiscould be used as an indication that the transaction was not tamperedwith and that the transaction is authentic.

Although a specific example is provided, it is also understood that anyof the form factor indicator elements in Table 2 may be combined withany of the customer exclusive data elements in Table 1, in any suitableauthorization request message, or other type of message.

Embodiments of the invention have a number of advantages. Because userspecific data is provided in authorization request messages, normalpayment transactions can be conducted and customized in some manner forthe particular consumer that is making the current purchase. Each userexperience can be different, without requiring the user to expend mucheffort.

Embodiments of the invention are not limited to the above-describedembodiments. For example, although separate functional blocks are shownfor an issuer, payment processing network, and acquirer, some entitiesperform (e.g., Discover, AMEX, etc.) all of these functions and may beincluded in embodiments of invention.

Specific details regarding some of the above-described aspects areprovided below. The specific details of the specific aspects may becombined in any suitable manner without departing from the spirit andscope of embodiments of the invention.

It should be understood that the present invention as described abovecan be implemented in the form of control logic using computer softwarein a modular or integrated manner. Based on the disclosure and teachingsprovided herein, a person of ordinary skill in the art will know andappreciate other ways and/or methods to implement the present inventionusing hardware and a combination of hardware and software

Any of the software components or functions described in thisapplication, may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C++ or Perl using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructions,or commands on a computer readable medium, such as a random accessmemory (RAM), a read only memory (ROM), a magnetic medium such as ahard-drive or a floppy disk, or an optical medium such as a CD-ROM. Anysuch computer readable medium may reside on or within a singlecomputational apparatus, and may be present on or within differentcomputational apparatuses within a system or network.

The above description is illustrative and is not restrictive. Manyvariations of the invention will become apparent to those skilled in theart upon review of the disclosure. The scope of the invention should,therefore, be determined not with reference to the above description,but instead should be determined with reference to the pending claimsalong with their full scope or equivalents.

One or more features from any embodiment may be combined with one ormore features of any other embodiment without departing from the scopeof the invention.

A recitation of “a”, “an” or “the” is intended to mean “one or more”unless specifically indicated to the contrary.

All patents, patent applications, publications, and descriptionsmentioned above are herein incorporated by reference in their entiretyfor all purposes. None is admitted to be prior art.

1. A consumer device comprising: a body; and a memory comprising acomputer readable medium disposed on or within the body, the computerreadable medium comprising user exclusive data, wherein the userexclusive data is configured to be transmitted in a user exclusive datatag in an authorization request message.
 2. The consumer device of claim1 further comprising: a processor coupled to the computer readablemedium.
 3. The consumer device of claim 1 wherein the consumer device isa phone.
 4. The consumer device of claim 1 wherein the consumer deviceis in the form of a card.
 5. A method comprising: receiving, at a servercomputer, an authorization request message comprising a user exclusivedata tag comprising user exclusive data, wherein the user exclusive datawas previously stored in a consumer device; analyzing the authorizationrequest message; and performing additional processing based on the userexclusive data.
 6. The method of claim 5 further comprising: whereinperforming additional processing comprises initiating the sending of anotification message to the consumer device, and wherein the userexclusive data includes a user's phone number.
 7. The method of claim 6wherein the consumer device is a phone.
 8. The method of claim 5 whereinthe user exclusive data relates to an instruction to send a receipt tothe consumer device.
 9. The method of claim 5 wherein the user exclusivedata comprises consumer preferences.
 10. The method of claim 5 whereinthe authorization request message comprises a BIN.
 11. A computeruseable medium having a computer readable program code embodied therein,said computer readable program code adapted to be executed by aprocessor, the method comprising: receiving an authorization requestmessage comprising user exclusive data in a user exclusive data tag;analyzing the user exclusive data; and performing additional processingbased on the user exclusive data.
 12. The computer useable medium ofclaim 11 wherein the authorization request message further comprises aBIN.
 13. The computer useable medium of claim 11 wherein theauthorization request message further comprises a form factor indicatortag.
 14. A server computer comprising the processor and the computerreadable medium of claim 11 coupled to the processor.
 15. A systemcomprising the server computer of claim
 14. 16. A method comprising:obtaining a consumer device comprising a body, and a memory comprising acomputer readable medium disposed on or within the body, the computerreadable medium comprising user exclusive data; and using the consumerdevice to interact with an access device, wherein the access devicethereafter generates and sends an authorization request messagecomprising a user exclusive data tag with the user exclusive data to anissuer associated with the portable consumer device.
 17. The method ofclaim 16 wherein the consumer device is a phone.
 18. The method of claim16 wherein the consumer device is a card.
 19. The method of claim 16wherein the consumer device is a portable consumer device.
 20. Themethod of claim 16 wherein the authorization request message is sent tothe issuer via a payment processing network.